| OLD | NEW |
|---|
| (Empty) | |
| 1 # Copyright 2015 Google Inc. All rights reserved. |
| 2 # |
| 3 # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 # you may not use this file except in compliance with the License. |
| 5 # You may obtain a copy of the License at |
| 6 # |
| 7 # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 # |
| 9 # Unless required by applicable law or agreed to in writing, software |
| 10 # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 # See the License for the specific language governing permissions and |
| 13 # limitations under the License. |
| 14 """pyCrypto Crypto-related routines for oauth2client.""" |
| 15 |
| 16 from Crypto.PublicKey import RSA |
| 17 from Crypto.Hash import SHA256 |
| 18 from Crypto.Signature import PKCS1_v1_5 |
| 19 from Crypto.Util.asn1 import DerSequence |
| 20 import six |
| 21 |
| 22 from oauth2client._helpers import _parse_pem_key |
| 23 from oauth2client._helpers import _urlsafe_b64decode |
| 24 |
| 25 |
| 26 class PyCryptoVerifier(object): |
| 27 """Verifies the signature on a message.""" |
| 28 |
| 29 def __init__(self, pubkey): |
| 30 """Constructor. |
| 31 |
| 32 Args: |
| 33 pubkey, OpenSSL.crypto.PKey (or equiv), The public key to verify with. |
| 34 """ |
| 35 self._pubkey = pubkey |
| 36 |
| 37 def verify(self, message, signature): |
| 38 """Verifies a message against a signature. |
| 39 |
| 40 Args: |
| 41 message: string or bytes, The message to verify. If string, will be |
| 42 encoded to bytes as utf-8. |
| 43 signature: string or bytes, The signature on the message. |
| 44 |
| 45 Returns: |
| 46 True if message was signed by the private key associated with the public |
| 47 key that this object was constructed with. |
| 48 """ |
| 49 if isinstance(message, six.text_type): |
| 50 message = message.encode('utf-8') |
| 51 return PKCS1_v1_5.new(self._pubkey).verify( |
| 52 SHA256.new(message), signature) |
| 53 |
| 54 @staticmethod |
| 55 def from_string(key_pem, is_x509_cert): |
| 56 """Construct a Verified instance from a string. |
| 57 |
| 58 Args: |
| 59 key_pem: string, public key in PEM format. |
| 60 is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it is |
| 61 expected to be an RSA key in PEM format. |
| 62 |
| 63 Returns: |
| 64 Verifier instance. |
| 65 """ |
| 66 if is_x509_cert: |
| 67 if isinstance(key_pem, six.text_type): |
| 68 key_pem = key_pem.encode('ascii') |
| 69 pemLines = key_pem.replace(b' ', b'').split() |
| 70 certDer = _urlsafe_b64decode(b''.join(pemLines[1:-1])) |
| 71 certSeq = DerSequence() |
| 72 certSeq.decode(certDer) |
| 73 tbsSeq = DerSequence() |
| 74 tbsSeq.decode(certSeq[0]) |
| 75 pubkey = RSA.importKey(tbsSeq[6]) |
| 76 else: |
| 77 pubkey = RSA.importKey(key_pem) |
| 78 return PyCryptoVerifier(pubkey) |
| 79 |
| 80 |
| 81 class PyCryptoSigner(object): |
| 82 """Signs messages with a private key.""" |
| 83 |
| 84 def __init__(self, pkey): |
| 85 """Constructor. |
| 86 |
| 87 Args: |
| 88 pkey, OpenSSL.crypto.PKey (or equiv), The private key to sign with. |
| 89 """ |
| 90 self._key = pkey |
| 91 |
| 92 def sign(self, message): |
| 93 """Signs a message. |
| 94 |
| 95 Args: |
| 96 message: string, Message to be signed. |
| 97 |
| 98 Returns: |
| 99 string, The signature of the message for the given key. |
| 100 """ |
| 101 if isinstance(message, six.text_type): |
| 102 message = message.encode('utf-8') |
| 103 return PKCS1_v1_5.new(self._key).sign(SHA256.new(message)) |
| 104 |
| 105 @staticmethod |
| 106 def from_string(key, password='notasecret'): |
| 107 """Construct a Signer instance from a string. |
| 108 |
| 109 Args: |
| 110 key: string, private key in PEM format. |
| 111 password: string, password for private key file. Unused for PEM files. |
| 112 |
| 113 Returns: |
| 114 Signer instance. |
| 115 |
| 116 Raises: |
| 117 NotImplementedError if the key isn't in PEM format. |
| 118 """ |
| 119 parsed_pem_key = _parse_pem_key(key) |
| 120 if parsed_pem_key: |
| 121 pkey = RSA.importKey(parsed_pem_key) |
| 122 else: |
| 123 raise NotImplementedError( |
| 124 'PKCS12 format is not supported by the PyCrypto library. ' |
| 125 'Try converting to a "PEM" ' |
| 126 '(openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) ' |
| 127 'or using PyOpenSSL if native code is an option.') |
| 128 return PyCryptoSigner(pkey) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1260293009:
make version of ts_mon compatible with appengine (Closed)
Base URL: https://chromium.googlesource.com/infra/infra.git@master